Security issues and memory leak fixes for the XinFin (XDC) network
Author: XinFin
Compiled by: ChainCatcher
The upgrade covers fixes for security issues and memory leak problems on the XinFin (XDC) network.
The XDC network is a global, open-source, permissioned proof-of-stake consensus network (XDPoS) that supports hybrid relay bridges, instant block finality, and interoperability with the ISO 20022 financial messaging standard. The network's hybrid (private/public) architecture is designed to support institutional use in trade finance and asset tokenization. The XDC network features interoperable smart contracts, 2,000 transactions per second, and Ethereum Virtual Machine compatibility, providing scalable infrastructure for enterprises and independent community contributors.
The Apothem Network (Testnet) is a network for smart contract developers to test smart contracts and protocol upgrades before deploying to the mainnet. Any upgrades to the XinFin XDC Network blockchain are first implemented on the Apothem test network, which simulates the XinFin XDC network, allowing developers and other community members to test the system before involving actual assets.
Now let's discuss the issues that the team has fixed, which will appear on the Apothem network.
internal/ethapi: EstimateGas and Call handle revert errors
The first issue is that the XDC blockchain does not surface revert errors before a transaction is sent, whichever wallet or interface is used (MetaMask, XDCpay, Remix…): the error cannot be seen until the transaction has already been submitted.
In the current version of XDPoSChain, the node always returns the message "gas required exceeds allowance or always failing transaction" when MetaMask or another client calls eth.estimateGas and the Solidity contract function reverts. Users and wallet applications therefore cannot predict when a revert will occur, nor obtain the revert reason when it does. This is the main issue raised in the xcantera complaint. The latest pull request fixes this and returns the revert message/reason for eth.call and eth.estimateGas. The PR has been tested on a dedicated network and will now be tested on the Apothem test network.
Code: https://explorer.apothem.network/address/xdc41cfa4c7c764c39237a765788eb0596c4b7a05ba#readContract
Request:
curl -X POST -H "Content-Type: application/json" https://rpc.apothem.network -d '
{
  "jsonrpc": "2.0",
  "method": "eth_estimateGas",
  "params": [
    {
      "from": "0xD4CE02705041F04135f1949Bc835c1Fe0885513c",
      "to": "0x41cfa4c7c764c39237a765788eb0596c4b7a05ba",
      "data": "0x5524107700000000000000000000000000000000000000000000000000000000000000a",
      "value": "0x0"
    }
  ],
  "id": 1
}'
Response:
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32000,
    "message": "gas required exceeds allowance or always failing transaction"
  }
}
Now, users can see that this fix will first run on the XDC Apothem network.
Merge link: https://github.com/XinFinOrg/XDPoSChain/pull/200
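As an added example (not code from this page or from the XDPoSChain project), the Python script below shows what a wallet or monitoring script can do with the two kinds of eth_call/eth_estimateGas error responses discussed above: the blanket "gas required exceeds allowance or always failing transaction" message, which carries no reason, and an error that exposes the contract's return data, from which the Solidity revert reason (ABI-encoded as Error(string), or Panic(uint256) for assertion failures) can be decoded. The error shape with a hex `data` field follows the go-ethereum convention; that XDPoSChain's fix uses exactly this shape is an assumption, and the reason-bearing sample response is constructed here for illustration.

```python
import json

# 4-byte selectors of the two standard Solidity revert encodings.
ERROR_SELECTOR = "08c379a0"   # keccak256("Error(string)")[:4]
PANIC_SELECTOR = "4e487b71"   # keccak256("Panic(uint256)")[:4]
# Blanket message returned by pre-fix XDPoSChain nodes (quoted on the page).
LEGACY_MESSAGE = "gas required exceeds allowance or always failing transaction"


def encode_error_string(reason: str) -> str:
    """ABI-encode Error(string) exactly as a Solidity revert("reason") does."""
    body = reason.encode()
    padded = body + b"\x00" * (-len(body) % 32)
    return ("0x" + ERROR_SELECTOR
            + (32).to_bytes(32, "big").hex()        # offset of the string
            + len(body).to_bytes(32, "big").hex()   # string length
            + padded.hex())


def decode_revert_data(data_hex: str) -> str:
    """Turn raw return data from a reverted call into a human-readable reason."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    if not raw:
        return "reverted without a reason"
    selector, payload = raw[:4].hex(), raw[4:]
    if selector == ERROR_SELECTOR and len(payload) >= 64:
        offset = int.from_bytes(payload[:32], "big")
        length = int.from_bytes(payload[offset:offset + 32], "big")
        start = offset + 32
        return payload[start:start + length].decode("utf-8", "replace")
    if selector == PANIC_SELECTOR and len(payload) >= 32:
        return f"panic code 0x{int.from_bytes(payload[:32], 'big'):02x}"
    # Custom errors or non-standard data: hand back the bytes for the caller.
    return "unrecognised revert data: 0x" + raw.hex()


def classify_response(response: dict) -> dict:
    """Classify a JSON-RPC reply to eth_call / eth_estimateGas."""
    if "error" not in response:
        return {"status": "ok", "result": response.get("result")}
    err = response["error"]
    message = err.get("message", "")
    data = err.get("data")
    if isinstance(data, str) and data.startswith("0x"):
        # Reason-bearing node (go-ethereum style; assumed for the XDC fix).
        return {"status": "reverted", "reason": decode_revert_data(data)}
    if message == LEGACY_MESSAGE:
        # Pre-fix node: we know it reverted, but the reason is not exposed.
        return {"status": "reverted", "reason": None,
                "note": "node did not expose the revert reason"}
    return {"status": "error", "reason": message}


# Response quoted on the page (pre-fix behaviour).
LEGACY_RESPONSE = {
    "jsonrpc": "2.0", "id": 1,
    "error": {"code": -32000, "message": LEGACY_MESSAGE},
}

# Constructed sample of a reason-bearing response (shape assumed, see lead-in).
FIXED_RESPONSE = {
    "jsonrpc": "2.0", "id": 1,
    "error": {"code": 3, "message": "execution reverted: insufficient balance",
              "data": encode_error_string("insufficient balance")},
}


if __name__ == "__main__":
    for name, resp in (("legacy", LEGACY_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(name, json.dumps(classify_response(resp)))
```

Run as a script it prints the classification of both sample replies; in a wallet integration the `reason` field is what you would show the user before they sign, while a `None` reason tells you the node you are talking to still runs the old behaviour.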
Memory leaks degrade peer performance by reducing the amount of available memory. In the worst case, so much of the available memory is consumed that all or part of the system or device stops functioning normally, applications fail, or the system slows down severely due to thrashing.
The memory leak issue is based on the merged original v1/eth code, which will run on the XDC Apothem network along with the latest merge.